Ethical hacking vs Penetration testing:
| Ethical Hacking | Penetration testing |
|---|---|
| Hacking the system in an ethical way to discover the vulnerabilities of the system. | Formal procedure to discover security vulnerabilities, flaws and risks. |
| Conducted to identify flaws and prevent real-time hacking. | Conducted to strengthen an organization's corporate defense systems. |
Phases and Concepts of Hacking:
There are five phases in penetration testing. They are –
- Reconnaissance – Mainly used to gather data about the target
- Scanning – Used to gather further intelligence from that data
- Gaining access – Takes control of one or more network devices to extract data.
- Maintaining access – Gains more data from the targeted environment
- Covering tracks – Removes the traces that would allow the attack to be detected.
There are various concepts of hacking, such as the phases of pentesting, footprinting, scanning, enumeration, system hacking, sniffing traffic and so on.
Footprinting, also known as reconnaissance, is used for gathering all possible data about the target system. It can be active or passive. The collected data is used to intrude into the system and to decide which attack types to use against it, based on its security. Information such as domain name, IP address, namespace, email ids, location and history of the website can be found by this method.
Footprint and Scanning Tools:
Several tools are used to gather information, such as –
- Crawling – Surfing the internet to gain information
- Whois – Lookup of a website's registration record to get information like contact email, registration dates etc.
- Search engines – Google, Bing and other search sites to get data
- Traceroute – Used to trace the path between the user and the target system across the network.
- Netcraft – Tool to gather information about web servers on both the server and client side.
- Nslookup – Querying a DNS server to extract information
- The Harvester – Used to catalogue email addresses and subdomains.
Scanning tools such as –
- Nmap – Used for scanning and for finding the open ports of the target.
- Nessus – To find vulnerabilities on the open ports.
- Nexpose – Similar to Nessus
Penetration testing/exploitation tools such as –
- MEDUSA – Used to attack authentication services on the target machine.
- Hydra – To break authentication systems
- Metasploit – Used to exploit the system.
Scanning is the second stage of information gathering, where the hacker performs a deep search of the system looking for valuable information. Ethical hackers use network scanning effectively to help prevent attacks on the organization. The tools and techniques used for scanning are –
- Crafted packets
- TCP flags
- UDP scans
- Ping sweeps
The hacker tries to identify live systems using a protocol, blueprint the network and perform a vulnerability scan to find weaknesses in the system. There are three types of scanning –
- Port scanning – Used to find open ports
- Network scanning – Used to find IP addresses
- Vulnerability scanning – Used to find weaknesses or vulnerabilities
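From the defender's side, the first two scanning types above leave a recognisable footprint in firewall logs: a port scan is one source touching many ports on one host, a network scan (ping sweep) is one source touching many hosts. The detector below is an added example, not code from the original tutorial; the log line format and the sample log are constructed for this illustration.

```python
from collections import defaultdict
# Added example, not the tutorial's code. Log format is an assumption:
# '<epoch> <src_ip> <dst_ip> <dst_port> <proto> <action>', one event per line.
PORT_SCAN_THRESHOLD = 10   # distinct ports on one host from one source
SWEEP_THRESHOLD = 10       # distinct hosts probed by one source
WINDOW_SECONDS = 60        # sliding window per source

def _deny_lines(src, dsts, ports, t0):
    """Build constructed DENY log lines, one second apart."""
    return [f"{t0 + i} {src} {dst} {port} tcp DENY"
            for i, (dst, port) in enumerate((d, p) for d in dsts for p in ports)]

# Constructed sample: 10.0.0.5 probes 12 ports on one host (port scan),
# 10.0.0.9 probes port 445 on 12 hosts (sweep), 10.0.0.7 is ordinary traffic.
SAMPLE_LOG = "\n".join(
    _deny_lines("10.0.0.5", ["192.168.1.10"], range(20, 32), 1700000000)
    + _deny_lines("10.0.0.9", [f"192.168.1.{i}" for i in range(20, 32)], [445], 1700000100)
    + _deny_lines("10.0.0.7", ["192.168.1.10"], [80, 443], 1700000200)
)

def parse_line(line):
    ts, src, dst, port, _proto, _action = line.split()
    return {"ts": int(ts), "src": src, "dst": dst, "port": int(port)}

def detect_scans(log_text, port_threshold=PORT_SCAN_THRESHOLD,
                 host_threshold=SWEEP_THRESHOLD, window=WINDOW_SECONDS):
    """Return one alert per (source, pattern) first seen inside the window."""
    events = sorted((parse_line(ln) for ln in log_text.splitlines() if ln.strip()),
                    key=lambda e: e["ts"])
    recent = defaultdict(list)     # src -> events still inside the window
    alerts, flagged = [], set()
    for e in events:
        buf = recent[e["src"]]
        buf.append(e)
        while e["ts"] - buf[0]["ts"] > window:   # expire events older than the window
            buf.pop(0)
        ports_by_dst = defaultdict(set)
        for x in buf:
            ports_by_dst[x["dst"]].add(x["port"])
        for dst, ports in ports_by_dst.items():  # many ports on one host = port scan
            key = ("port_scan", e["src"], dst)
            if len(ports) >= port_threshold and key not in flagged:
                flagged.add(key)
                alerts.append({"type": "port_scan", "src": e["src"], "dst": dst, "count": len(ports)})
        key = ("network_sweep", e["src"])         # one source, many hosts = sweep
        if len(ports_by_dst) >= host_threshold and key not in flagged:
            flagged.add(key)
            alerts.append({"type": "network_sweep", "src": e["src"], "count": len(ports_by_dst)})
    return alerts
```

Thresholds and window are tuning knobs: lower them to catch slow scans at the cost of more false positives from monitoring systems and vulnerability scanners you run yourself.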
At this stage the hacker uses different techniques and tools to gain as much data as possible from the system. They are –
- Password cracking – Methods like brute force, dictionary attack, rule-based attack and rainbow tables are used. Brute force tries all possible combinations of the password. A dictionary attack tries a list of meaningful words until the password matches. A rainbow table attack takes the hash value of the password and compares it against pre-computed hash values until a match is discovered.
- Password attacks – Passive attacks such as wire sniffing and replay attacks. Active online attacks such as Trojans, keyloggers, hash injection and phishing. Offline attacks such as pre-computed hash, distributed network and rainbow table attacks. Non-electronic attacks such as shoulder surfing, social engineering and dumpster diving.
Once access to the system has been gained using the various password cracking methods, the next step is to maintain that access. To remain undetected, the hacker has to secure their presence; to do so they can install hidden infrastructure that keeps a backdoor open. Trojan horses, covert channels and rootkits are used. A Trojan horse provides access at the application level and is used to gain remote access. A covert channel is one where data is sent through secret communication tunnels. A rootkit is a type of malware that hides itself from the system, concealing itself to bypass the computer's security measures.
All traces of the attack, such as log files and intrusion detection system alarms, are removed to cover the tracks. Once the hacker leaves the system, all files and folders that were created are removed and the logs and registry are modified. Using reverse HTTP shells and ICMP tunnels also helps to cover tracks.